The weakest link in security is usually not the technology, but the person. Attackers know this, which is why they most often get to passwords, accounts and money through phishing, that is, fraudulent messages pretending to be from a bank, the post office, a courier or a well-known company. The good news is that once you know what to look out for, you will spot most scams at first glance.

What phishing is

Phishing is an attempt to lure sensitive details out of you (passwords, card numbers, login codes) by having the attacker pose as someone trustworthy. You receive an e-mail or a text message (phishing by text message is called smishing) that, under some pretext, pushes you to click a link and enter something. The goal is to make you act quickly and without thinking.

How to recognise it

  • Pressure and scare tactics. “Your account will be blocked”, “your parcel is waiting for an extra payment”, “an unauthorised login”. An effort to cause panic and an instant reaction is a classic sign of a scam.
  • A link that does not add up. Hover your mouse over the link (on a phone, press and hold) and see where it really leads. The address is often odd or merely resembles the real one (for example posta-sk.online instead of the official domain).
  • A request for a password or a code. No bank or reputable company will ever ask you to enter a password or a full card number by e-mail.
  • Grammatical errors and odd language, and an impersonal greeting like “Dear customer”.
  • An unexpected attachment you are supposed to open. Attachments in particular often carry malware.

One important note: the advice about grammatical errors no longer holds completely. Attackers now routinely use artificial intelligence, so many scam messages are grammatically flawless and look entirely professional. Perfect language is therefore no proof on its own that a message is genuine. Rely all the more on the other signs, especially on where the link actually leads.
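
The same check of where a link really leads can be automated over the HTML body of a message. The sketch below is an added example, not part of the original article: `posta.example` is a placeholder for the official domain, which the article does not name, and the sample message is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the sender's real domain; the article does not name it.
OFFICIAL = {"posta.example"}
BRANDS = {d.split(".")[0] for d in OFFICIAL}
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for each <a> element of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    # Exact match or a true subdomain; "posta.example.evil.test" does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def check_links(html):
    """Return {href: [reasons]} for links whose real target looks suspicious."""
    parser, report = Links(), {}
    parser.feed(html)
    for href, text in parser.found:
        host = (urlsplit(href).hostname or "").lower()
        if not host or is_official(host):
            continue
        reasons = []
        if (m := DOMAIN_IN_TEXT.search(text)) and is_official(m.group(0).lower()):
            reasons.append("text shows the official domain, link leads elsewhere")
        if any(brand in host for brand in BRANDS):
            reasons.append("host imitates the official name")
        if reasons:
            report[href] = reasons
    return report

# Constructed sample message body, not a real e-mail.
SAMPLE = """<a href="https://posta-sk.online/pay">www.posta.example/track</a>
<a href="https://www.posta.example/track">Track your parcel</a>
<a href="https://news.example.org/">Newsletter</a>"""
```

Calling `check_links(SAMPLE)` reports only the first link: the genuine link and the unrelated newsletter link pass without a finding.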

What to do when such a message arrives

  • Do not click and do not open attachments. If you want to verify the matter, go to the bank’s or company’s website manually, through your browser, not via the link in the message.
  • Do not enter anything under pressure. Better to call the official number and ask.
  • Turn on two-factor authentication. Even if an attacker obtains your password, they cannot get into the account without the second step.
  • If you have already entered your details, change your password immediately and contact your bank.

In a company the risk is even greater

It only takes one employee clicking, and an attacker can get into the entire company network. That is why it makes sense to train people regularly, set up e-mail protection and have a procedure ready for what to do in case of suspicion. Investing in prevention is always cheaper than dealing with the consequences.

We will advise and protect you

We will help you set up e-mail protection, two-factor authentication and backups and teach your people to recognise scam messages. If you have received something suspicious or are not sure, feel free to get in touch and we will take a look.